Introduction


• Corporate and program objectives focus on desired performance and
results.

• Management decisions that affect how to meet these objectives now
involve a complex mix of technology, safety issues, operations, process
considerations, employee considerations, regulatory requirements, financial
concerns and legal issues.

• Risk assessments are a tool for decision makers to understand potential
consequences and be in a position to reduce, mitigate or eliminate costly 
mistakes or catastrophic failures. 


Defining Management Risks 


• Management risk can be defined as the possibility that an event will occur
and unfavorably affect the accomplishment of stated goals and objectives.

• Different types of risks that can affect a project or company include:

  • Financial markets
  • Politics and public relations
  • Legal liabilities
  • Accidents
  • Weather and other natural disasters
  • Safety issues
  • Regulatory / government changes
  • Environmental concerns


Defining a Risk Assessment 


• Risk assessment is a systematic process for identifying and evaluating events
that could affect achieving a goal or objective. 


• A risk assessment should begin and end with a specific business objective
associated with the identification of the potential conditions or barriers
responsible for not meeting the objective.

• Defined objectives provide a basis for measuring the impact and
probability (usually identified as likelihood × consequence = risk) of risk
ratings or rankings.


Effective Risk Management Plans and 
Programs Include: 


• An objective and systematic program to identify, understand and act to
address risks, including a method to evaluate the identified “risk” and its
consequences.

• A comprehensive plan for success that includes development, 
implementation, refinement and monitoring of effectiveness of the plan. 

• Actions to ensure that Risk Management becomes an integral part of the 
decision making process. 

• Responsibilities, training and methodology to identify risks on a continuous
basis.


Risk Identification Includes: 


| Safety Objectives (types of risk) | Program Risks Objectives (types of risks) | Factors to consider for Company or program risk generation |
|---|---|---|
| Workers | Schedule | Industry and industry standards |
| Facility | Budget | Risk tolerance |
| Environment | Public perception | Tasks, tools, and environment |
| Operations | | Type and availability of data |
| Public | | Industry views and requirements regarding risk & reliability |

Effective Risk Management Plans and 
Programs Include (continued): 


• Processes to communicate risk concerns and identification
• Risk owners
• Method for prioritization

  • Who is responsible for prioritization, and who needs to agree?
  • What is the basis for the priorities (methodology)?

• How risks will be addressed
• Action plans


Analyze Risk 


• Types of assessments include:

  • Qualitative assessments - generally subjective
  • Quantitative assessments - objective, data driven

• Select methodology based on:

  • Cost and benefit
  • Fits the need

• Risk assessment as a management tool evolves and matures over time

• Benchmark and compare risk information across similar organizations

• Identify and understand risk causes to determine effective responses to
minimize risks


Plan and Implement Risk Responses 


• Address risk based on:

  • Consequences
  • Cost/benefit
  • Goals and objectives

• Options for management decisions:

  • Avoidance
  • Minimization
  • Acceptance

• Measure the effects of your risk management efforts
• Continuously implement improvements


Risk log/register should: 


• Track risks and associated tasks
• View progress and document risk
• Focus on the current situation of each risk and identify changes
• Show responsibilities, due dates and actions
• Show or measure success


Standards 


• ISO 31000 provides an internationally recognized benchmark for risk
management practices with sound principles for effective management 
and corporate governance. 

• ISO/IEC 31010:2009 focuses on risk assessment concepts, processes and the
selection of risk assessment techniques. 


Summary/conclusion 


• Using a risk assessment methodology is only a starting point.

• A risk assessment program provides management with important input in
the decision making process.

• A proactive organization looks to the future to avoid problems; a reactive
organization can be blindsided by risks that could have been avoided.

• You get out what you put in; how useful your program is will be up to the
individual organization.


